Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CVEs (752)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-31419 1Parallels 1Parallels Desktop Nov 21, 2024 Apr 29, 2021 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the tar...Show more This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12136.Show less
CVE-2021-31418 1Parallels 1Parallels Desktop Nov 21, 2024 Apr 29, 2021 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the tar...Show more This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12221.Show less
CVE-2021-31417 1Parallels 1Parallels Desktop Nov 21, 2024 Apr 29, 2021 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the tar...Show more This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12131.Show less
CVE-2021-30027 1Md4c Project 1Md4c Nov 21, 2024 Apr 29, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
CVE-2021-21218 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Apr 26, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
CVE-2021-29937 1Telemetry Project 1Telemetry Nov 21, 2024 Apr 1, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size().
CVE-2021-29936 1Adtensor Project 1Adtensor Nov 21, 2024 Apr 1, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.
CVE-2021-29934 1Uu Od Project 1Uu Od Nov 21, 2024 Apr 1, 2021 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.
CVE-2021-0463 1Google 1Android Nov 21, 2024 Mar 10, 2021 N/A· v4 5.5 MEDIUM· v3 1.9 LOW· v2 In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges neede...Show more In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154867068Show less
CVE-2021-21190 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Mar 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
CVE-2021-28035 1Stack Dst Project 1Stack Dst Nov 21, 2024 Mar 5, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic.
CVE-2021-28033 1Byte Struct Project 1Byte Struct Nov 21, 2024 Mar 5, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.
CVE-2021-28030 1Truetype Project 1Truetype Nov 21, 2024 Mar 5, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.
CVE-2021-28029 1Toodee Project 1Toodee Nov 21, 2024 Mar 5, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations.
CVE-2021-26953 1Postscript Project 1Postscript Nov 21, 2024 Feb 9, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation.
CVE-2021-26952 1Ms3d Project 1Ms3d Nov 21, 2024 Feb 9, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read.
CVE-2021-26951 1Calamine Project 1Calamine Nov 21, 2024 Feb 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is u...Show more An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.Show less
CVE-2021-26305 1Cdr Project 1Cdr Nov 21, 2024 Jan 29, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
CVE-2021-25905 1Bra Project 1Bra Nov 21, 2024 Jan 26, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
CVE-2020-36210 1Autorand Project 1Autorand Nov 21, 2024 Jan 26, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.

Previous 1...272829...38 Next